Note that when input CorsConfiguration is null, this
implementation does not reject simple or actual requests outright but simply
avoid adding CORS headers to the response. CORS processing is also skipped
if the response already contains CORS headers, or if the request is detected
as a same-origin one.